Authentication via biometric passphrase

ABSTRACT

A system, method and computer program product for granting access and/or an authorization are disclosed. For instance, a computer-implemented method may include receiving a first sequence of plurality of biometric data elements. The sequence of plurality of biometric data elements may comprise a biometric passphrase. The method may include registering the biometric passphrase to a known user and/or a transaction account. The method may include receiving a transaction request comprising a second sequence of plurality of biometric data elements. The method may include comparing the second sequence of plurality of biometric data elements to the biometric passphrase to resulting in a confidence factor of the comparison. The comparison may include comparing the sequencing of the second sequence of plurality of biometric data elements and the characteristics of each biometric data element of the second sequence of plurality of biometric data elements to the biometric passphrase.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of, claims priority to and thebenefit of, U.S. Ser. No. 14/280,985 filed May 19, 2014 and entitled“AUTHENTICATION VIA BIOMETRIC PASSPHRASE,” which is hereby incorporatedby reference in its entirety for all purposes.

FIELD

The present disclosure generally relates to financial transactions, andmore particularly, a system and method of processing financialtransactions using biometrics.

BACKGROUND

Biometric authentication (e.g., fingerprint biometric authentication onmobile devices in the payment context) has gained some popularityrecently with the advent of the Fast Identity Online (FIDO) standard andadoption by various peer-to-peer payment providers in their onlinecheckout flow. Biometrics are powerful authentication methods; however;biometric identifiers carry an underappreciated danger when thesignature that identifies “you” is compromised. The danger is a fargreater threat than simply losing a password.

A common perception is that fingerprint authentication is relativelysecure, however; this is often not the case. Fingerprints areunwittingly left accessible in public areas, such as by merely touchingobjects. Moreover, facsimiles of one's fingerprint can be easily andquickly reproduced to spoof fingerprint reading devices. This poses asecurity risk for those who lose track of a fingerprint authenticationdevice, as systems can be compromised. What is needed is a convenient,unique personal identifier whose use is insulated from misuse.

SUMMARY

The present disclosure meets the various needs described above byproviding a system, method and computer program product for grantingaccess and/or an authorization. For instance, a computer-implementedmethod may include receiving a first sequence of a plurality ofbiometric data elements. The sequence of plurality of biometric dataelements may comprise a biometric passphrase. The method may includeregistering the biometric passphrase to a known user and/or atransaction account. The method may include receiving a transactionrequest comprising a second sequence of plurality of biometric dataelements. The method may further include comparing the second sequenceof the plurality of biometric data elements to the biometric passphrase,resulting in a confidence factor of the comparison. The method may alsoinclude authorizing the transaction request based on the confidencefactor of the comparison of the second sequence of the plurality ofbiometric data elements, with the registered biometric passphrase beingabove a threshold. The comparison may include comparing the sequencingof the second sequence of plurality of biometric data elements and thecharacteristics of each biometric data element of the second sequence ofplurality of biometric data elements, to the biometric passphrase.

BRIEF DESCRIPTION OF THE DRAWINGS

The features and advantages of the present disclosure will become moreapparent from the detailed description set forth below when taken inconjunction with the drawings. The left-most digit of a reference numberidentifies the drawing in which the reference number first appears.

FIG. 1 illustrates a block diagram of a system for processingtransactions using a biometric passphrase according to variousembodiments of the disclosure;

FIGS. 2-7 depict examples of various biometric passphrases according tovarious embodiments of the disclosure; and

FIG. 8 depicts a method of utilizing a biometric passphrase according tovarious embodiments of the disclosure.

DETAILED DESCRIPTION

The detailed description of exemplary embodiments herein makes referenceto the accompanying drawings and pictures, which show variousembodiments by way of illustration. While these various embodiments aredescribed in sufficient detail to enable those skilled in the art topractice the disclosure, it should be understood that other embodimentsmay be realized and that logical and mechanical changes may be madewithout departing from the spirit and scope of the disclosure. Thus, thedetailed description herein is presented for purposes of illustrationonly and not of limitation. For example, the steps recited in any of themethod or process descriptions may be executed in any order and are notlimited to the order presented. Moreover, any of the functions or stepsmay be outsourced to or performed by one or more third parties.Furthermore, any reference to singular includes plural embodiments, andany reference to more than one component may include a singularembodiment.

The phrases consumer, customer, user, account holder, cardmember or thelike shall include any person, entity, business, governmentorganization, business, software, hardware, machine associated with atransaction account, buys merchant offerings offered by one or moremerchants using the account and/or who is legally designated forperforming transactions on the account, regardless of whether a physicalcard is associated with the account. For example, the cardmember mayinclude a transaction account owner, a transaction account user, anaccount affiliate, a child account user, a subsidiary account user, abeneficiary of an account, a custodian of an account, and/or any otherperson or entity affiliated or associated with a transaction account.

The present disclosure meets the various needs described above byproviding a system, method and computer program product for a biometricpassphrase. A biometric passphrase as used herein may refer to acombination of unique biometric signature elements used to identify auser and/or transaction account.

Conventionally, minimizing fraud included the use of a personalidentification code (e.g., PIN) which may be managed through the use ofinternational standards (e.g., ISO 9564). For instance, at the time ofthe transaction, a consumer's transaction instrument may be presentedto, inserted into, swiped and/or interface with a transaction instrumentreader. The reader extracts certain data from the transactioninstrument, such as an account code and/or number. The transactioninstrument reader then requests the user enter his or her personalidentification code on a special keypad sometimes called a PinPad orpersonal identification code reader. The personal identification codemay be immediately encrypted and secured. The secured personalidentification code data is then transmitted through secure means to anauthorization location, such as an authorization computer, where thetransaction account holder data is stored.

At the authorization computer, the account identification data is usedto securely lookup or calculate the personal identification code for theaccount, to verify that the personal identification code entered by thecardholder is correct. This approach minimizes fraud because the personin possession of the card must also know the secret personalidentification code to complete the transaction. However, the personalidentification code is traditionally limited to a string of numbers,upper and lowercase letters, and/or keyboard symbols that are readilyaccessible to the general public, including hackers.

In contrast to this conventional approach, the biometric passphrase mayinclude a combination of several unique biometric data elements that arespecific to a user. Thus, the biometric passphrase limits theavailability of the characters for misuse. The unique biometric dataelements to be used as authentication data may comprise, for example, aspecific utterance of a specific user's voice, a fingerprint, facialscan, ear scan, vascular pattern, DNA sample, hand geometry, olfaction,keystroke/typing style, retinal data and/or any other biometric relatingto recognition based upon any body part, function, system, attributeand/or other characteristic, or any portion thereof.

Systems, methods, and articles of manufacture capable of processing atransaction using a biometric passphrase are disclosed herein. Invarious embodiments, a portable consumer device may contain, obtainand/or download an authorization application. This authorizationapplication may be configured to securely store and/or capture andtransmit biometric data element information. The authorizationapplication may be configured to allow a transaction to be initiatedand/or proceed. In various embodiments, the authorization applicationmay be configured to associate and/or append biometric passphrase datato a transaction request as part of a fraud prevention process. Forinstance, a user may register with an authorization system such that anauthorization system may link and/or associate a plurality of biometricdata elements and/or a sequence of biometric data elements to a userprofile. The user profile may be associated with one or more transactionaccounts. This pre-stored sequence of biometric data element informationmay be compared against, as part of an authorization process, such as atransaction authorization process.

In conjunction with registration, a user may store biometriccharacteristics as individual biometric data elements. In this way, auser may create a dictionary of biometric data elements to later utilizeas his biometric passphrase. For instance, a user may be requested by aprogram (e.g., authorization application) to provide a fingerprint foreach finger and/or to speak a variety of phrases. This individualizeddictionary of biometric data elements may be stored by an authorizationsystem or locally for easily manipulation and changing of a biometricpassphrase. According to various embodiments, a user may select digitsof the individualized biometric dictionary to comprise his passphraseand/or store new biometric data elements as desired. The user may changehis biometric passphrase at any time.

According to various embodiments, a portable consumer device maytransmit a transaction account number and a biometric passphrase, readby biometric reader, to a merchant point of sale (POS) system (e.g., avirtual POS system) to create a transaction request. A merchant maytransmit a transaction request to the account authorization system. Theaccount authorization system may compare the transaction account numberand the biometric passphrase with information stored in a database. Theaccount authorization system may transmit an authorization message tothe merchant.

Referring to FIG. 1, a system for processing payments using a biometricpassphrase is illustrated according to various embodiments. The systemmay comprise an Account/Card Authorization System (“CAS”) 110, Network120, a Portable Consumer Device (“PCD”) 130 and/or a biometric reader135, and a merchant Point of Sale device (“POS”) 140. The various systemcomponents may communicate via network 120.

In various embodiments, CAS 110 (also known as an account authorizationsystem) may be capable of or configured to perform all or part of anauthorization process in relation to a payment transaction associatedwith a transaction account. CAS 110 may comprise any combination ofhardware and software, such as servers, databases, firewalls, computers,etc., in order to authorize transactions. In various embodiments, CAS110 may be operated by a payment processor (e.g., transaction accountissuer). CAS 110 may comprise and/or be in electronic communication witha biometric database 115 configured for storing and comparing biometricdata element information.

Network 120 may include any cloud, cloud computing system or electroniccommunications system or method which incorporates hardware and/orsoftware components. Communication among the parties may be accomplishedthrough any suitable communication channels, such as, for example, atelephone network, an extranet, an intranet, Internet, point ofinteraction device (point of sale device, personal digital assistant(e.g., iPhone®, Palm Pilot®, Blackberry®), cellular phone, kiosk, etc.),online communications, satellite communications, off-linecommunications, wireless communications, transponder communications,local area network (LAN), wide area network (WAN), virtual privatenetwork (VPN), networked or linked devices, keyboard, mouse and/or anysuitable communication or data input modality. Moreover, although thesystem is frequently described herein as being implemented with TCP/IPcommunications protocols, the system may also be implemented using IPX,Appletalk, IP-6, NetBIOS, OSI, any tunneling protocol (e.g. IPsec, SSH),or any number of existing or future protocols. If the network is in thenature of a public network, such as the Internet, it may be advantageousto presume the network to be insecure and open to eavesdroppers.Specific information related to the protocols, standards, andapplication software utilized in connection with the Internet isgenerally known to those skilled in the art and, as such, need not bedetailed herein. See, for example, DILIP NAIK, INTERNET STANDARDS ANDPROTOCOLS (1998); JAVA 2 COMPLETE, various authors, (Sybex 1999);DEBORAH RAY AND ERIC RAY, MASTERING HTML 4.0 (1997); and LOSHIN, TCP/IPCLEARLY EXPLAINED (1997) and DAVID GOURLEY AND BRIAN TOTTY, HTTP, THEDEFINITIVE GUIDE (2002), the contents of which are hereby incorporatedby reference.

The various system components may be independently, separately orcollectively suitably coupled to the network via data links whichincludes, for example, a connection to an Internet Service Provider(ISP) over the local loop as is typically used in connection withstandard modem communication, cable modem, Dish networks, ISDN, DigitalSubscriber Line (DSL), or various wireless communication methods, see,e.g., GILBERT HELD, UNDERSTANDING DATA COMMUNICATIONS (1996), which ishereby incorporated by reference. It is noted that the network may beimplemented as other types of networks, such as an interactivetelevision (ITV) network. Moreover, the system contemplates the use,sale or distribution of any goods, services or information over anynetwork having similar functionality described herein.

PCD 130 may comprise any device capable of interacting with Network 120.In various embodiments, PCD 130 may comprise a cellular phone. However,in various embodiments PCD 130 may comprise a smart card, PDA, laptop,personal computer, GPS device, car navigation system, web client, or anyother device. PCD 130 may comprise and/or be coupled to a biometricreader 135. PCD 130 may store biometric data elements. Various types ofweb clients which may function as a PCD 130 are described in furtherdetail herein.

Biometric reader 135 may be any desired biometric reader configured toextract and/or manipulate a biometric characteristic into a biometricdata element, such as a fingerprint scanner, microphone/voicerecognition capture device, camera, and/or a retinal scanner. Biometricreader 135 may be coupled to PCD 130 and/or POS 140. Biometric reader135 may be a stand-alone biometric reader coupled to other electronicdevices via a network 120.

POS 140 may comprise any combination of hardware and/or software capableof facilitating a transaction between a sender and a recipient, such asa consumer and a merchant. In various embodiments, POS 140 may comprisea cash register at a brick and mortar store. However, in variousembodiments, POS 140 may comprise a website. POS 140 may comprise agateway as described in further detail herein. POS may also comprise aPCD similar to PCD 130.

In various embodiments, PCD 130 and/or biometric reader 135 may syncwith CAS 110 to communicate biometric data element information. Invarious embodiments, PCD 130 may store biometric data elements. Invarious embodiments, for even greater security, PCD 130 may onlydownload or upload biometric data element information in response to auser inputting verification information into PCD 130. In variousembodiments, PCD 130 may transmit a request to reset the biometricpassphrase to CAS 110.

In various embodiments, a consumer may initiate the transactionapplication on PCD 130. The consumer may initiate the transactionapplication in a variety of ways, including tapping or clicking a buttonor other visual display, or by making a sound, such as a voice command.The authorization application may request that the consumer enterverification information in the form of a biometric passphrase.

In various embodiments, and with reference to FIG. 2, the biometricpassphrase may include a plurality of biometric data elements, such asmultiple distinct fingerprints in succession (e.g., a 5 digit pass phaseof the user's right hand index finger, fingerprint #1; the user's righthand index finger, fingerprint #2; the user's right hand second finger,fingerprint #3; the user's left hand index finger, fingerprint #4; theuser's right hand pinky, fingerprint #5). The biometric data elementsmay be conceptualized as “digits” that can be used in a desired orderproviding at least a second order of authentication that begetsincreased security as compared with keyboard characters. The biometricidentifiers that uniquely identify a user may be combined into achangeable biometric passphrase. The biometric passphrase may be anydesired length over a preset minimum, such as more than 1 biometric dataelement. In this way, an additional layer of complexity is introducedfor those that wish to reverse engineer a biometric passphrase, such asa hacker. The biometric reader 135 may present the user with anindicator to alert the user that it has registered a biometric dataelement and is ready to accept an additional biometric data element. Theindicator may be haptic, visual, and/or auditory. The biometric reader135 may be programed to wait a desired time interval between takingbiometric readings. In this way, a biometric passphrase of multiplebiometric data elements may be entered in via a single biometric reader.In various embodiments, in response to a successful creation of abiometric data element from a biometric characteristic, the biometricreader 135 may be ready to accept and/or create an additional biometricdata element. In response to a user using a second input device (e.g., asecond biometric reader or keyboard), the system may store the biometricdata elements in the order in which they were received for comparisonagainst both the pre-stored biometric data elements and theirsequencing.

In various embodiments, and with reference to FIG. 3, the biometricpassphrase may include a plurality of biometric data elements, such asmultiple fingerprints in succession (e.g., a 5 digit pass phase of theuser's right hand index finger, fingerprint #1; the user's right handindex finger, fingerprint #2; user's right hand index finger,fingerprint #1, the user's right hand second finger, fingerprint #3; theuser's right hand index finger, fingerprint #2). For instance, thebiometric data elements may be used multiple times within the samebiometric passphrase.

In various embodiments, and with reference to FIG. 4, the orientation ofthe captured biometric data elements may be particular to the biometricpassphrase. Stated another way, according to various embodiments, thebiometric passphrase combinations may include multiple districtbiometric data element types entered in a particular orientation ormanner. For instance, the passphrase may include a plurality ofbiometric data elements, such as multiple fingerprints in succession(e.g., a 5 digit pass phase of the user's right hand index finger,fingerprint #1; the user's right hand index finger, fingerprint #2;user's right hand index finger inverted with respect to the way it waspresented to the biometric reader 135 as fingerprint #1, fingerprint#1′, the user's right hand second finger, fingerprint #3; the user'sright hand index finger, fingerprint #2). In this way, an additionallayer of complexity is introduced for those that wish to reverseengineer a biometric passphrase.

Similar to the example depicted in FIG. 4, in various embodiments, andwith reference to FIG. 5, the biometric passphrase may include aplurality of biometric data elements, such as multiple fingerprints insuccession (e.g., a 3 digit pass phase of the user's right hand indexfinger, fingerprint #1; the user's right hand index finger, fingerprint#2; user's right hand index finger rotated 90 degrees in the clockwisedirection with respect the presentation of fingerprint #1, fingerprint#”). Though any angle of presentation of a biometric character, such asa fingerprint, is contemplated, rotating the biometric character forpresentation to biometric reader any amount of degrees (90, 180, 270degrees) is contemplated herein.

In various embodiments, and with reference to FIG. 6, the biometricpassphrase may include a plurality of biometric data elements, such as asingle fingerprint utilized in succession (e.g., a 3 digit pass phase ofthe user's right hand index finger, fingerprint #1; the user's righthand index finger, fingerprint #1; and the user's right hand indexfinger, fingerprint #1). For instance, the biometric data elements maybe used multiple times within the same biometric passphrase. The speedat which the user enters the biometric data elements may be an elementof a biometric passphrase. For instance, the total speed from the startof the entering of biometric data elements to the completion of thebiometric data elements for the entire biometric passphrase may be anadditional biometric passphrase constraint. For instance, the entirebiometric passphrase may be entered above or below a predeterminedamount of time. According to various embodiments, a duration betweenentering biometric data elements may be a factor of the biometricpassphrase. For instance, a duration between biometric passphrase digitsmay be required to be above or below a threshold of a predeterminedamount of time, such as, a half second, a second, and/or three second.In this way, access is grated based on unique identifiers to aparticular user, entered in a style unique to that user. This timingthreshold may also stymie hackers trying to enter multiple guesses aseach pattern even though correctly guessed may have a different timingscheme. In these scenarios, a timer may be coupled to the biometricreader 135. The time between biometric passphrase digits and/or theentry of the complete biometric passphrase and/or a portion of thebiometric passphrase may be based on a user's pre-saved entry and/orselected via a menu in authorization application during registrationand/or updating of the biometric passphrase.

According to various embodiments, and with reference to FIG. 7, thebiometric passphrase combinations may include multiple biometric dataelements types. For example, a combination of fingerprints and spokenvoice could become a passphrase. Further still, as depicted in FIG. 7, apassphrase may comprise a combination of fingerprints, spoken voice andkeyboard characters. For instance, the biometric passphrase may includea plurality of biometric data elements, such as multiple biometric dataelements in succession (e.g., a 5 digit pass phase of the user's righthand index finger, fingerprint #1; a voiceprint of a distinct utteranceof the user, such as speaking the word “DOG”, voiceprint #1; the user'sright hand index finger, fingerprint #1; an case sensitive entry of akeyboard character, uppercase letter “K”; and the user's right handindex finger, fingerprint #2). The transaction application may verifythe verification information against locally pre-stored biometric dataelement information. According to various embodiments, the biometricpassphrase may not be stored locally on the PCD 130 and may be securelystored by a biometric database 115. The transaction application mayverify the verification information against locally pre-stored biometricdata element information.

According to various embodiments, the biometric passphrase may comprisea plurality of biometric characteristics may be captured by the systemin concert with each other. For instance, a voice print may be utteredand recorded by a sensor, such as a microphone when a fingerprint isbeing read by a biometric reader 135, e.g., a finger print reader.Authorization may be based on the plurality of biometric data elementsbeing received in concert with each other.

The biometric passphrase may authenticate the user to use the one ormore transaction accounts in a transaction. In the scenario of multipleaccounts, the biometric passphrase may be used to identify which accountshould be used to process the transaction request. This allows PCD 130to store biometric passphrase for different types of accounts, such as,for example, credit, charge, debit, pre-paid, and loyalty accounts. Asan example, data related to two accounts may exist on the PCD 130, eachassociated with a unique biometric passphrase and/or uniqueauthorization data. In response to the authentication request, theaccountholder/user may decide which account should be used for thepayment through the biometric passphrase and/or authorization dataprovided. If the biometric passphrase for the charge account is used,that account is used in the transaction request that is provided to thePOS 140 reader. This approach affords a PCD 130 the ability ofadditional security of the account codes stored PCD 130 by requesting anexplicit authentication of the account by the accountholder before thepayment is consummated and/or in the initial transaction requestinitiation.

The payment processor may use preprogrammed logic to authorize thetransaction. This pre-programmed logic may include identification of thecustomer, identification of account type (e.g. credit, debit, loyalty,pre-paid, charge, etc.) a verification that the account is in goodstanding (e.g. does not exceed credit limit, the account is not inarrears, there is enough balance in the prepaid account to cover thetransaction, etc.)

If one or more of these criteria are not met, the transaction may bedeclined. If one or more of these criteria are met, the transaction maybe confirmed and the payment processor may send an approval message tothe POS 140 system. The transaction may then be consummated. In variousembodiments, encrypted biometric data elements in the form of apresented passphrase may be verified locally at PCD 130 and the transferof transaction information is not initiated until a match to thepre-stored biometric phase is made. Biometric data elements, such asinputted digitized fingerprint data may be encrypted (post input).Either the digitized fingerprint data or encrypted digitized fingerprintdata may be compared with pre-stored (trusted) respective digitizedfingerprint data or encrypted digitized fingerprint data locally orremotely. A confidence factor may be generated based on the comparison.In response to a match and/or association of high confidence factorbeing made (e.g., above a preset threshold, such as 90%), thetransaction initiation may progress. If no match is made, an errorsignal may be communicated. In response to the error signal, a user maybe requested to/elect try again. In various embodiments, in response tothe comparison of the sequence of the plurality of biometric dataelements with the registered biometric passphrase being below thethreshold, the system may transmit a request for the user to provide asequence of biometric data elements randomly selected from thedictionary of pre-stored biometric data elements of the user. Forinstance, the authorization system may request the user provide theirright hand index fingerprint to a reader; a voiceprint of a distinctutterance of the user, such as speaking a previously saved word and/orthe user provide their left hand pinky fingerprint to a reader.

Though not depicted, the device may match the inputted digitizedfingerprint to a selection of pre-stored fingerprints and associate theinputted digitized fingerprint to a particular user and a particularuser's transaction account. In this way, the digitized fingerprint datamay act as an account selection identifier.

CAS 110 may receive the transaction request and create an approval ordenial message. CAS 110 may detect a biometric passphrase in thetransaction request. CAS 110 may compare the biometric passphrase in thetransaction request with a pre-stored biometric passphrase associatedwith the user. In response to the biometric passphrase associated withthe transaction request matching the appropriate pre-stored biometricpassphrase, CAS 110 may generate an approval message and transmit theapproval message to the merchant.

In various embodiments, the authorization system may transmit atransaction notification to PCD 130. The transaction notification may besent within the authorization application. In various embodiments thetransaction notification may be sent via a SMS, text, e-mail, or othermethod of communication. The transaction notification may include thatthe consumer confirm the transaction by clicking on a confirm button orby indicating their confirmation in any other manner. The transactionnotification may request the consumer to enter a password or otherverification information. In various embodiments, the CAS 110 maydetermine that the transaction was fraudulent based on the response fromPCD 130.

According to various embodiments, and with reference to FIG. 8, a methodof authorizing a transaction may include receiving a first sequence of aplurality of biometric data elements, (e.g., biometric passphrase) (Step810). These biometric data elements may be stored by a user's device orto a biometric data element database. For instance, the storing mayinclude registering the biometric passphrase to a known user, having atleast one transaction account, in a database (Step 820). The method mayinclude receiving a transaction request comprising a second sequence ofplurality of biometric data elements (Step 830). A comparison of thesecond sequence of plurality of biometric data elements to the biometricpassphrase may be made (Step 840). The decision to authorize thetransaction request may be based on a confidence factor of thecomparison being above a threshold (Step 850).

Though the biometric passphrase has been described herein in associationwith the authorization of a transaction, it should be appreciated thequalities of the biometric passphrase may be utilized in concert withaccessing an electronic device, being granted access, encrypting data,transferring value, verifying attendance, verifying identity, beinggranted physical access to a location, accessing data, and/or the like.Practitioners will appreciate that a single biometric passphrase maycomprise at least 4 levels of security including the individualisticquality of each biometric data element, the sequencing of biometric dataelements, the orientation of capture of the biometric characteristics,and the speed at which a biometric passphrase is entered.

Practitioners will appreciate that the systems and methods describedherein, in addition to being used in the context of a merchant website,may similarly be used in the context of telephone purchases, mail orderpurchases, and any other purchasing scenario where face-to-faceinteraction is limited or nonexistent.

In various embodiments, a user may use the biometric passphrase toaccess their transaction account information. For example, when callingto make account inquiries or transactions over the phone, the user maybe prompted to transmit the biometric passphrase as part of averification process. The user may enter the biometric passphrase ontheir PCD 130 and communicate biometric passphrase to an operator orautomated verification system. In response to the biometric passphrasematching a stored biometric passphrase, the consumer may be grantedaccess to their account. In various embodiments, a transaction requestmay comprise a request to access transaction account information. Whenaccessing transaction account information online, the consumer may berequired to enter the biometric passphrase as part of the verificationprocess.

Any communication, transmission and/or channel discussed herein mayinclude any system or method for delivering content (e.g. data,information, metadata, etc.), and/or the content itself. The content maybe presented in any form or medium, and in various embodiments, thecontent may be delivered electronically and/or capable of beingpresented electronically. For example, a channel may comprise a website,a uniform resource locator (“URL”), a document (e.g., a Microsoft Worddocument, a Microsoft Excel document, an Adobe .pdf document, etc.), an“ebook,” an “emagazine,” an application or microapplication (asdescribed below), an SMS or other type of text message, an email,facebook, twitter, MMS and/or other type of communication technology. Invarious embodiments, a channel may be hosted or provided by a datapartner. In various embodiments, the distribution channel and/or the maycomprise at least one of a merchant website, a social media website,affiliate or partner websites, an external vendor, a mobile devicecommunication, social media network and/or location based service.Distribution channels may include at least one of a merchant website, asocial media site, affiliate or partner websites, an external vendor,and a mobile device communication. Examples of social media sitesinclude Facebook®, Foursquare®, Twitter®, MySpace®, LinkedIn®, and thelike. Examples of affiliate or partner websites include AmericanExpress®, Groupon®, LivingSocial®, and the like. Moreover, examples ofmobile device communications include texting, email, and mobileapplications for smartphones.

A “consumer profile” or “consumer profile data” may comprise anyinformation or data about a consumer that describes an attributeassociated with the consumer (e.g., a preference, an interest,demographic information, personally identifying information, and thelike).

In various embodiments, the methods described herein are implementedusing the various particular machines described herein. The methodsdescribed herein may be implemented using the below particular machines,and those hereinafter developed, in any suitable combination, as wouldbe appreciated immediately by one skilled in the art. Further, as isunambiguous from this disclosure, the methods described herein mayresult in various transformations of certain articles.

Phrases and terms similar to an “entity” may include any individual,consumer, customer, group, business, organization, government entity,transaction account issuer or processor (e.g., credit, charge, etc.),merchant, consortium of merchants, account holder, charitableorganization, software, hardware, and/or any other type of entity. Theterms “user,” “consumer,” “purchaser,” and/or the plural form of theseterms are used interchangeably throughout herein to refer to thosepersons or entities that are alleged to be authorized to use atransaction account.

Phrases and terms similar to “account”, “account number”, “account code”or “consumer account” as used herein, may include any device, code(e.g., one or more of an authorization/access code, personalidentification number (“PIN”), Internet code, other identification code,and/or the like), number, letter, symbol, digital certificate, smartchip, digital signal, analog signal, biometric or otheridentifier/indicia suitably configured to allow the consumer to access,interact with or communicate with the system. The account number mayoptionally be located on or associated with a rewards account, chargeaccount, credit account, debit account, prepaid account, telephone card,embossed card, smart card, magnetic stripe card, bar code card,transponder, radio frequency card or an associated account.

The system may include or interface with any of the foregoing accounts,devices, and/or a transponder and reader (e.g. RFID reader) in RFcommunication with the transponder (which may include a fob), orcommunications between an initiator and a target enabled by near fieldcommunications (NFC). Typical devices may include, for example, a keyring, tag, card, cell phone, wristwatch or any such form capable ofbeing presented for interrogation. Moreover, the system, computing unitor device discussed herein may include a “pervasive computing device,”which may include a traditionally non-computerized device that isembedded with a computing unit.

The account number may be distributed and stored in any form of plastic,electronic, magnetic, radio frequency, wireless, audio and/or opticaldevice capable of transmitting or downloading data from itself to asecond device. A consumer account number may be, for example, asixteen-digit account number, although each credit provider has its ownnumbering system, such as the fifteen-digit numbering system used byAmerican Express. Each company's account numbers comply with thatcompany's standardized format such that the company using afifteen-digit format will generally use three-spaced sets of numbers, asrepresented by the number “0000 000000 00000”. The first five to sevendigits are reserved for processing purposes and identify the issuingbank, account type, etc. In this example, the last (fifteenth) digit isused as a sum check for the fifteen digit number. The intermediaryeight-to-eleven digits are used to uniquely identify the consumer. Amerchant account number may be, for example, any number or alpha-numericcharacters that identify a particular merchant for purposes of accountacceptance, account reconciliation, reporting, or the like.

In various embodiments, an account number and/or account code mayidentify a consumer. In addition, in various embodiments, a consumer maybe identified by a variety of identifiers, including, for example, anemail address, a telephone number, a cookie id, a radio frequencyidentifier (RFID), a biometric, and the like.

Phrases and terms similar to “transaction account” may include anyaccount that may be used to facilitate a financial transaction.

Phrases and terms similar to “financial institution” or “transactionaccount issuer” may include any entity that offers transaction accountservices. Although often referred to as a “financial institution,” thefinancial institution may represent any type of bank, lender or othertype of account issuing institution, such as credit card companies, cardsponsoring companies, or third party issuers under contract withfinancial institutions. It is further noted that other participants maybe involved in some phases of the transaction, such as an intermediarysettlement institution.

Phrases and terms similar to “business” or “merchant” may be usedinterchangeably with each other and shall mean any person, entity,distributor system, software and/or hardware that are a provider, brokerand/or any other entity in the distribution chain of goods or services.For example, a merchant may be a grocery store, a retail store, a travelagency, a service provider, an on-line merchant or the like.

Phrases and terms similar to “merchant,” “supplier” or “seller” mayinclude any entity that receives payment or other consideration. Forexample, a supplier may request payment for goods sold to a buyer whoholds an account with a transaction account issuer.

Phrases similar to a “payment processor” may include a company (e.g., athird party) appointed (e.g., by a merchant) to handle transactions. Apayment processor may include an issuer, acquirer, authorizer and/or anyother system or entity involved in the transaction process. Paymentprocessors may be broken down into two types: front-end and back-end.Front-end payment processors have connections to various transactionaccounts and supply authorization and settlement services to themerchant banks' merchants. Back-end payment processors acceptsettlements from front-end payment processors and, via The FederalReserve Bank, move money from an issuing bank to the merchant bank. Inan operation that will usually take a few seconds, the payment processorwill both check the details received by forwarding the details to therespective account's issuing bank or card association for verification,and may carry out a series of anti-fraud measures against thetransaction. Additional parameters, including the account's country ofissue and its previous payment history, may be used to gauge theprobability of the transaction being approved. In response to thepayment processor receiving confirmation that the transaction accountdetails have been verified, the information may be relayed back to themerchant, who will then complete the payment transaction. In response tothe verification being denied, the payment processor relays theinformation to the merchant, who may then decline the transaction.

Phrases similar to a “payment gateway” or “gateway” may include anapplication service provider service that authorizes payments fore-businesses, online retailers, and/or traditional brick and mortarmerchants. The gateway may be the equivalent of a physical point of saleterminal located in most retail outlets. A payment gateway may protecttransaction account details by encrypting sensitive information, such astransaction account numbers, to ensure that information passes securelybetween the customer and the merchant and also between merchant andpayment processor.

For the sake of brevity, conventional data networking, applicationdevelopment and other functional aspects of the systems (and componentsof the individual operating components of the systems) may not bedescribed in detail herein. Furthermore, the connecting lines shown inthe various figures contained herein are intended to represent exemplaryfunctional relationships and/or physical couplings between the variouselements. It should be noted that many alternative or additionalfunctional relationships or physical connections may be present in apractical system.

The various system components discussed herein may include one or moreof the following: a host server or other computing systems including aprocessor for processing digital data; a memory coupled to the processorfor storing digital data; an input digitizer coupled to the processorfor inputting digital data; an application program stored in the memoryand accessible by the processor for directing processing of digital databy the processor; a display device coupled to the processor and memoryfor displaying information derived from digital data processed by theprocessor; and a plurality of databases. Various databases used hereinmay include: client data; merchant data; financial institution data;and/or like data useful in the operation of the system. As those skilledin the art will appreciate, user computer may include an operatingsystem (e.g., Windows NT, Windows 95/98/2000, Windows XP, Windows Vista,Windows 7, OS2, UNIX, Linux, Solaris, MacOS, etc.) as well as variousconventional support software and drivers typically associated withcomputers.

The present system or any part(s) or function(s) thereof may beimplemented using hardware, software or a combination thereof and may beimplemented in one or more computer systems or other processing systems.However, the manipulations performed by embodiments were often referredto in terms, such as matching or selecting, which are commonlyassociated with mental operations performed by a human operator. No suchcapability of a human operator is necessary, or desirable in most cases,in any of the operations described herein. Rather, the operations may bemachine operations. Useful machines for performing the variousembodiments include general purpose digital computers or similardevices.

In fact, in various embodiments, the embodiments are directed toward oneor more computer systems capable of carrying out the functionalitydescribed herein. The computer system includes one or more processors,such as processor. The processor is connected to a communicationinfrastructure (e.g., a communications bus, cross over bar, or network).Various software embodiments are described in terms of this exemplarycomputer system. After reading this description, it will become apparentto a person skilled in the relevant art(s) how to implement variousembodiments using other computer systems and/or architectures. Computersystem can include a display interface that forwards graphics, text, andother data from the communication infrastructure (or from a frame buffernot shown) for display on a display unit.

Computer system also includes a main memory, such as for example randomaccess memory (RAM), and may also include a secondary memory. Thesecondary memory may include, for example, a hard disk drive and/or aremovable storage drive, representing a floppy disk drive, a magnetictape drive, an optical disk drive, etc. The removable storage drivereads from and/or writes to a removable storage unit in a well knownmanner. Removable storage unit represents a floppy disk, magnetic tape,optical disk, etc. which is read by and written to by removable storagedrive. As will be appreciated, the removable storage unit includes acomputer usable storage medium having stored therein computer softwareand/or data.

In various embodiments, secondary memory may include other similardevices for allowing computer programs or other instructions to beloaded into computer system. Such devices may include, for example, aremovable storage unit and an interface. Examples of such may include aprogram cartridge and cartridge interface (such as that found in videogame devices), a removable memory chip (such as an erasable programmableread only memory (EPROM), or programmable read only memory (PROM)) andassociated socket, and other removable storage units and interfaces,which allow software and data to be transferred from the removablestorage unit to computer system.

Computer system may also include a communications interface.Communications interface allows software and data to be transferredbetween computer system and external devices. Examples of communicationsinterface may include a modem, a network interface (such as an Ethernetcard), a communications port, a Personal Computer Memory CardInternational Association (PCMCIA) slot and card, etc. Software and datatransferred via communications interface are in the form of signalswhich may be electronic, electromagnetic, optical or other signalscapable of being received by communications interface. These signals areprovided to communications interface via a communications path (e.g.,channel). This channel carries signals and may be implemented usingwire, cable, fiber optics, a telephone line, a cellular link, a radiofrequency (RF) link, wireless and other communications channels.

The terms “computer program medium” and “computer usable medium” areused to generally refer to media such as removable storage drive and ahard disk installed in hard disk drive. These computer program productsprovide software to computer system.

Computer programs (also referred to as computer control logic) arestored in main memory and/or secondary memory. Computer programs mayalso be received via communications interface. Such computer programs,when executed, enable the computer system to perform the features asdiscussed herein. In particular, the computer programs, when executed,enable the processor to perform the features of various embodiments.Accordingly, such computer programs represent controllers of thecomputer system.

In various embodiments, software may be stored in a computer programproduct and loaded into computer system using removable storage drive,hard disk drive or communications interface. The control logic(software), when executed by the processor, causes the processor toperform the functions of various embodiments as described herein. Invarious embodiments, hardware components such as application specificintegrated circuits (ASICs). Implementation of the hardware statemachine so as to perform the functions described herein will be apparentto persons skilled in the relevant art(s).

A web client includes any device (e.g., personal computer) whichcommunicates via any network, for example such as those discussedherein. Such browser applications comprise Internet browsing softwareinstalled within a computing unit or a system to conduct onlinetransactions and/or communications. These computing units or systems maytake the form of a computer or set of computers, although other types ofcomputing units or systems may be used, including laptops, notebooks,tablets, hand held computers, personal digital assistants, set-topboxes, workstations, computer-servers, main frame computers,mini-computers, PC servers, pervasive computers, network sets ofcomputers, personal computers, such as iPads, iMACs, and MacBooks,kiosks, terminals, point of sale (POS) devices and/or terminals,televisions, or any other device capable of receiving data over anetwork. A web-client may run Microsoft Internet Explorer, MozillaFirefox, Google Chrome, Apple Safari, or any other of the myriadsoftware packages available for browsing the internet.

Practitioners will appreciate that a web client may or may not be indirect contact with an application server. For example, a web client mayaccess the services of an application server through another serverand/or hardware component, which may have a direct or indirectconnection to an Internet server. For example, a web client maycommunicate with an application server via a load balancer. In variousembodiments, access is through a network or the Internet through acommercially-available web-browser software package.

As those skilled in the art will appreciate, a web client includes anoperating system (e.g., Windows NT, 95/98/2000/CE/Mobile, OS2, UNIX,Linux, Solaris, MacOS, PalmOS, etc.) as well as various conventionalsupport software and drivers typically associated with computers. A webclient may include any suitable personal computer, network computer,workstation, personal digital assistant, cellular phone, smart phone,minicomputer, mainframe or the like. A web client can be in a home orbusiness environment with access to a network. In various embodiments,access is through a network or the Internet through a commerciallyavailable web-browser software package. A web client may implementsecurity protocols such as Secure Sockets Layer (SSL) and TransportLayer Security (TLS). A web client may implement several applicationlayer protocols including http, https, ftp, and sftp.

In various embodiments, components, modules, and/or engines of thesystem may be implemented as micro-applications or micro-apps.Micro-apps are typically deployed in the context of a mobile operatingsystem, including for example, a Palm mobile operating system, a Windowsmobile operating system, an Android Operating System, Apple iOS, aBlackberry operating system and the like. The micro-app may beconfigured to leverage the resources of the larger operating system andassociated hardware via a set of predetermined rules which govern theoperations of various operating systems and hardware resources. Forexample, where a micro-app desires to communicate with a device ornetwork other than the mobile device or mobile operating system, themicro-app may leverage the communication protocol of the operatingsystem and associated device hardware under the predetermined rules ofthe mobile operating system. Moreover, where the micro-app desires aninput from a user, the micro-app may be configured to request a responsefrom the operating system which monitors various hardware components andthen communicates a detected input from the hardware to the micro-app.

“Cloud” or “Cloud computing” includes a model for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g., networks, servers, storage, applications, and services)that can be rapidly provisioned and released with minimal managementeffort or service provider interaction. Cloud computing may includelocation-independent computing, whereby shared servers provideresources, software, and data to computers and other devices on demand.For more information regarding cloud computing, see the NIST's (NationalInstitute of Standards and Technology) definition of cloud computing athttp://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc (lastvisited Feb. 4, 2011), which is hereby incorporated by reference in itsentirety.

As used herein, “transmit” may include sending electronic data from onesystem component to another over a network connection. Additionally, asused herein, “data” may include encompassing information such ascommands, queries, files, data for storage, and the like in digital orany other form.

The system contemplates uses in association with web services, utilitycomputing, pervasive and individualized computing, security and identitysolutions, autonomic computing, cloud computing, commodity computing,mobility and wireless solutions, open source, biometrics, grid computingand/or mesh computing.

Any databases discussed herein may include relational, hierarchical,graphical, or object-oriented structure and/or any other databaseconfigurations. Encryption may be performed by way of any of thetechniques now available in the art or which may become available—e.g.,Twofish, RSA, El Gamal, Schorr signature, DSA, PGP, PKI, GPG (GnuPG),and symmetric and asymmetric cryptosystems. The computers and/or PCD 130discussed herein may provide a suitable website or other Internet-basedgraphical user interface which is accessible by users.

Any of the communications, inputs, storage, databases or displaysdiscussed herein may be facilitated through a website having web pages.The term “web page” as it is used herein is not meant to limit the typeof documents and applications that might be used to interact with theuser. For example, a typical website might include, in addition tostandard HTML documents, various forms, Java applets, JavaScript, activeserver pages (ASP), common gateway interface scripts (CGI), extensiblemarkup language (XML), dynamic HTML, cascading style sheets (CSS), AJAX(Asynchronous Javascript And XML), helper applications, plug-ins, andthe like. A server may include a web service that receives a requestfrom a web server, the request including a URL(http://yahoo.com/stockquotes/ge) and an IP address (123.56.789.234).The web server retrieves the appropriate web pages and sends the data orapplications for the web pages to the IP address. Web services areapplications that are capable of interacting with other applicationsover a communication means, such as the internet. Web services aretypically based on standards or protocols such as XML, SOAP, AJAX, WSDLand UDDI. Web services methods are well known in the art, and arecovered in many standard texts. See, e.g., ALEX NGHIEM, IT WEB SERVICES:A ROADMAP FOR THE ENTERPRISE (2003), hereby incorporated by reference.

Middleware may include any hardware and/or software suitably configuredto facilitate communications and/or process transactions betweendisparate computing systems. Middleware components are commerciallyavailable and known in the art. Middleware may be implemented throughcommercially available hardware and/or software, through custom hardwareand/or software components, or through a combination thereof. Middlewaremay reside in a variety of configurations and may exist as a standalonesystem or may be a software component residing on the Internet server.Middleware may be configured to process transactions between the variouscomponents of an application server and any number of internal orexternal systems for any of the purposes disclosed herein. WebSphereMQTM (formerly MQSeries) by IBM, Inc. (Armonk, N.Y.) is an example of acommercially available middleware product. An Enterprise Service Bus(“ESB”) application is another example of middleware.

Practitioners will also appreciate that there are a number of methodsfor displaying data within a browser-based document. Data may berepresented as standard text or within a fixed list, scrollable list,drop-down list, editable text field, fixed text field, pop-up window,and the like. Likewise, there are a number of methods available formodifying data in a web page such as, for example, free text entry usinga keyboard, selection of menu items, check boxes, option boxes, and thelike.

The system and method may be described herein in terms of functionalblock components, screen shots, optional selections and variousprocessing steps. It should be appreciated that such functional blocksmay be realized by any number of hardware and/or software componentsconfigured to perform the specified functions. For example, the systemmay employ various integrated circuit components, e.g., memory elements,processing elements, logic elements, look-up tables, and the like, whichmay carry out a variety of functions under the control of one or moremicroprocessors or other control devices. Similarly, the softwareelements of the system may be implemented with any programming orscripting language such as C, C++, C#, Java, JavaScript, VBScript,Macromedia Cold Fusion, COBOL, Microsoft Active Server Pages, assembly,PERL, PHP, awk, Python, Visual Basic, SQL Stored Procedures, PL/SQL, anyUNIX shell script, and extensible markup language (XML) with the variousalgorithms being implemented with any combination of data structures,objects, processes, routines or other programming elements. Further, itshould be noted that the system may employ any number of conventionaltechniques for data transmission, signaling, data processing, networkcontrol, and the like. Still further, the system could be used to detector prevent security issues with a client-side scripting language, suchas JavaScript, VBScript or the like. For a basic introduction ofcryptography and network security, see any of the following references:(1) “Applied Cryptography: Protocols, Algorithms, And Source Code In C,”by Bruce Schneier, published by John Wiley & Sons (second edition,1995); (2) “Java Cryptography” by Jonathan Knudson, published byO'Reilly & Associates (1998); (3) “Cryptography & Network Security:Principles & Practice” by William Stallings, published by Prentice Hall;all of which are hereby incorporated by reference.

As used herein, the term “end user”, “consumer”, “customer”,“cardmember”, “business” or “merchant” may be used interchangeably witheach other, and each shall mean any person, entity, governmentorganization, business, machine, hardware, and/or software. A bank maybe part of the system, but the bank may represent other types of cardissuing institutions, such as credit card companies, card sponsoringcompanies, or third party issuers under contract with financialinstitutions. It is further noted that other participants may beinvolved in some phases of the transaction, such as an intermediarysettlement institution, but these participants are not shown.

Each participant is equipped with a computing device in order tointeract with the system and facilitate online commerce transactions.The customer has a computing unit in the form of a personal computer,although other types of computing units may be used including laptops,notebooks, hand held computers, set-top boxes, cellular telephones,touch-tone telephones and the like. The merchant has a computing unitimplemented in the form of a computer-server, although otherimplementations are contemplated by the system. The bank has a computingcenter shown as a main frame computer. However, the bank computingcenter may be implemented in other forms, such as a mini-computer, a PCserver, a network of computers located in the same of differentgeographic locations, or the like. Moreover, the system contemplates theuse, sale or distribution of any goods, services or information over anynetwork having similar functionality described herein

The merchant computer and the bank computer may be interconnected via asecond network, referred to as a payment network. The payment networkwhich may be part of certain transactions represents existingproprietary networks that presently accommodate transactions for creditcards, debit cards, and other types of financial/banking cards. Thepayment network is a closed network that is assumed to be secure fromeavesdroppers. Exemplary transaction networks may include the AmericanExpress®, VisaNet® and the Veriphone® networks.

The electronic commerce system may be implemented at the customer andissuing bank. In an exemplary implementation, the electronic commercesystem is implemented as computer software modules loaded onto thecustomer computer and the banking computing center. The merchantcomputer does not require any additional software to participate in theonline commerce transactions supported by the online commerce system.

As will be appreciated by one of ordinary skill in the art, the systemmay be embodied as a customization of an existing system, an add-onproduct, a processing apparatus executing upgraded software, a standalone system, a distributed system, a method, a data processing system,a device for data processing, and/or a computer program product.Accordingly, any portion of the system or a module may take the form ofa processing apparatus executing code, an internet based embodiment, anentirely hardware embodiment, or an embodiment combining aspects of theinternet, software and hardware. Furthermore, the system may take theform of a computer program product on a computer-readable storage mediumhaving computer-readable program code means embodied in the storagemedium. Any suitable computer-readable storage medium may be utilized,including hard disks, CD-ROM, optical storage devices, magnetic storagedevices, and/or the like.

The system and method is described herein with reference to screenshots, block diagrams and flowchart illustrations of methods, apparatus(e.g., systems), and computer program products according to variousembodiments. It will be understood that each functional block of theblock diagrams and the flowchart illustrations, and combinations offunctional blocks in the block diagrams and flowchart illustrations,respectively, can be implemented by computer program instructions.

These computer program instructions may be loaded onto a general purposecomputer, special purpose computer, or other programmable dataprocessing apparatus to produce a machine, such that the instructionsthat execute on the computer or other programmable data processingapparatus create means for implementing the functions specified in theflowchart block or blocks. These computer program instructions may alsobe stored in a computer-readable memory that can direct a computer orother programmable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer-readablememory produce an article of manufacture including instruction meanswhich implement the function specified in the flowchart block or blocks.The computer program instructions may also be loaded onto a computer orother programmable data processing apparatus to cause a series ofoperational steps to be performed on the computer or other programmableapparatus to produce a computer-implemented process such that theinstructions which execute on the computer or other programmableapparatus provide steps for implementing the functions specified in theflowchart block or blocks.

Accordingly, functional blocks of the block diagrams and flowchartillustrations support combinations of means for performing the specifiedfunctions, combinations of steps for performing the specified functions,and program instruction means for performing the specified functions. Itwill also be understood that each functional block of the block diagramsand flowchart illustrations, and combinations of functional blocks inthe block diagrams and flowchart illustrations, can be implemented byeither special purpose hardware-based computer systems which perform thespecified functions or steps, or suitable combinations of specialpurpose hardware and computer instructions. Further, illustrations ofthe process flows and the descriptions thereof may make reference touser windows, webpages, websites, web forms, prompts, etc. Practitionerswill appreciate that the illustrated steps described herein may comprisein any number of configurations including the use of windows, webpages,web forms, popup windows, prompts and the like. It should be furtherappreciated that the multiple steps as illustrated and described may becombined into single webpages and/or windows but have been expanded forthe sake of simplicity. In other cases, steps illustrated and describedas single process steps may be separated into multiple webpages and/orwindows but have been combined for simplicity.

The term “non-transitory” is to be understood to remove only propagatingtransitory signals per se from the claim scope and does not relinquishrights to all standard computer-readable media that are not onlypropagating transitory signals per se. Stated another way, the meaningof the term “non-transitory computer-readable medium” and“non-transitory computer-readable storage medium” should be construed toexclude only those types of transitory computer-readable media whichwere found in In Re Nuijten to fall outside the scope of patentablesubject matter under 35 U.S.C. § 101.

Systems, methods and computer program products are provided. In thedetailed description herein, references to “various embodiments”, “oneembodiment”, “an embodiment”, “an example embodiment”, etc., indicatethat the embodiment described may include a particular feature,structure, or characteristic, but every embodiment may not necessarilyinclude the particular feature, structure, or characteristic. Moreover,such phrases are not necessarily referring to the same embodiment.Further, when a particular feature, structure, or characteristic isdescribed in connection with an embodiment, it is submitted that it iswithin the knowledge of one skilled in the art to effect such feature,structure, or characteristic in connection with other embodimentswhether or not explicitly described. After reading the description, itwill be apparent to one skilled in the relevant art(s) how to implementthe disclosure in alternative embodiments.

Benefits, other advantages, and solutions to problems have beendescribed herein with regard to specific embodiments. However, thebenefits, advantages, solutions to problems, and any elements that maycause any benefit, advantage, or solution to occur or become morepronounced are not to be construed as critical, required, or essentialfeatures or elements of the disclosure. The scope of the disclosure isaccordingly to be limited by nothing other than the appended claims, inwhich reference to an element in the singular is not intended to mean“one and only one” unless explicitly so stated, but rather “one ormore.” Moreover, where a phrase similar to ‘at least one of A, B, and C’or ‘at least one of A, B, or C’ is used in the claims or specification,it is intended that the phrase be interpreted to mean that A alone maybe present in an embodiment, B alone may be present in an embodiment, Calone may be present in an embodiment, or that any combination of theelements A, B and C may be present in a single embodiment; for example,A and B, A and C, B and C, or A and B and C. Although the disclosureincludes a method, it is contemplated that it may be embodied ascomputer program instructions on a tangible computer-readable carrier,such as a magnetic or optical memory or a magnetic or optical disk. Allstructural, chemical, and functional equivalents to the elements of theabove-described exemplary embodiments that are known to those ofordinary skill in the art are expressly incorporated herein by referenceand are intended to be encompassed by the present claims. Moreover, itis not necessary for a device or method to address each and everyproblem sought to be solved by the present disclosure, for it to beencompassed by the present claims. Furthermore, no element, component,or method step in the present disclosure is intended to be dedicated tothe public regardless of whether the element, component, or method stepis explicitly recited in the claims. No claim element herein is to beconstrued under the provisions of 35 U.S.C. 112 (f), unless the elementis expressly recited using the phrase “means for.” As used herein, theterms “comprises”, “comprising”, or any other variation thereof, areintended to cover a non-exclusive inclusion, such that a process,method, article, or apparatus that comprises a list of elements does notinclude only those elements but may include other elements not expresslylisted or inherent to such process, method, article, or apparatus.

The invention claimed is:
 1. A method, comprising: obtaining, by atleast one computing device, a plurality of data elements correspondingto a plurality of biometric characteristics of a user; receiving, by theat least one computing device, a user-defined sequence of individualones of the plurality of data elements for a registered biometricidentifier; generating, by the at least one computing device, theregistered biometric identifier based on the user-defined sequence;linking, by the at least one computing device, the registered biometricidentifier to a transaction account associated with the user; receiving,by the at least one computing device, a transaction request comprisingthe transaction account and a transaction request biometric identifier;determining, by the at least one computing device, a speed associatedwith a user entering the transaction request biometric identifier; andauthorizing the transaction request based at least in part on the speedbeing within a predefined threshold and based at least in part on thetransaction request biometric identifier matching the registeredbiometric identifier stored in a database.
 2. The method of claim 1,further comprising: generating, by the at least one computing device, asecond registered biometric identifier based at least in part on asecond user-defined sequence of the plurality of data elements; andlinking, by the at least one computing device, the second registeredbiometric identifier to a second transaction account associated with theuser.
 3. The method of claim 1, wherein the plurality of biometriccharacteristics include at least one of a fingerprint, a facial scan, anear scan, a vascular pattern, a DNA sample, a hand geometry, a typingstyle, or a voice sample.
 4. The method of claim 1, wherein linking theregistered biometric identifier with the transaction account comprisesstoring the registered biometric identifier in the database associatedwith the transaction account.
 5. The method of claim 1, furthercomprising: receiving, by the at least one computing device, a requestto modify the registered biometric identifier, the request including auser-defined configuration of the individual ones of the plurality ofdata elements; generating, by the at least one computing device, amodified biometric identifier based on the user-defined configuration;and linking, by the at least one computing device, the modifiedbiometric identifier to the transaction account.
 6. A system,comprising: at least one computing device; and at least one applicationexecutable on the at least one computing device, wherein, when executed,the at least one application causes the at least one computing device toat least: receive a transaction request including a transaction accountassociated with a user and a first biometric identifier provided by theuser, the first biometric identifier including a plurality of dataelements corresponding to a plurality of biometric characteristics ofthe user; determine an elapsed time associated with a user input of theplurality of data elements for the first biometric identifier; obtain asecond biometric identifier from a database, the second biometricidentifier being linked to the transaction account; and authorize thetransaction request based at least in part on the elapsed time beingwithin a predefined period of time and a comparison of the firstbiometric identifier with the second biometric identifier.
 7. The systemof claim 6, wherein the plurality of biometric characteristics compriseat least one of: a fingerprint, a facial scan, an ear scan, a vascularpattern, a DNA sample, a hand geometry, a typing style, or a voicesample.
 8. The system of claim 6, wherein authorizing the transactionrequest is further based at least in part on at least one of: a qualityof the plurality of data elements, an orientation of a capture of theplurality of biometric characteristics, or a sequencing of the pluralityof data elements.
 9. The system of claim 6, wherein, when executed, theat least one application causes the at least one computing device to atleast generate a confidence factor based at least in part on thecomparison of the first biometric identifier and the second biometricidentifier, the transaction request being authorized in response to theconfidence factor being within a predefined threshold.
 10. The system ofclaim 6, wherein, when executed, the at least one application causes theat least one computing device to at least: generate an authorizationmessage in response to authorizing the transaction request; and transmitthe authorization message to a client device.
 11. The system of claim 6,wherein, when executed, the at least one application causes the at leastone computing device to at least: receive a second plurality of dataelements from a computing device associated with a user; generate thesecond biometric identifier based on the second plurality of dataelements and a user-defined configuration; and associate the secondbiometric identifier with the transaction account.
 12. A method,comprising: receiving, by at least one computing device, a transactionrequest including a transaction account associated with a user and afirst biometric identifier provided by the user, the first biometricidentifier including a plurality of data elements corresponding to aplurality of biometric characteristics; obtaining, by the at least onecomputing device, a second biometric identifier from a database, thesecond biometric identifier being linked to the transaction account;determining, by the at least one computing device, an elapsed timecorresponding to a user entering individual data elements of the firstbiometric identifier; comparing, by the at least one computing device,the first biometric identifier with the second biometric identifier; andauthorizing, by the at least one computing device, the transactionrequest based at least in part on the first biometric identifiermatching the second biometric identifier and the elapsed time beingwithin a predefined period of time.
 13. The method of claim 12, whereinthe first biometric identifier and the second biometric identifierinclude a respective sequence of individual data elements of theplurality of data elements.
 14. The method of claim 12, wherein theplurality of biometric characteristics comprise at least one of: afingerprint, a facial scan, an ear scan, a vascular pattern, a DNAsample, a hand geometry, a typing style, or a voice sample.
 15. Themethod of claim 12, further comprising: generating, by the at least onecomputing device, a confidence score based at least in part on comparingthe first biometric identifier with the second biometric identifier,wherein authorizing the transaction request occurs in response to theconfidence score meeting or exceeding a predefined threshold.
 16. Themethod of claim 12, further comprising: receiving, by the at least onecomputing device, a registration request including a second plurality ofdata elements corresponding to the plurality of biometriccharacteristics; receiving, by the at least one computing device, auser-defined configuration of the second plurality of data elements; andgenerating, by the at least one computing device, the second biometricidentifier based at least in part on the user-defined configuration. 17.The method of claim 12, further comprising storing, by the at least onecomputing device, the second biometric identifier in the databaseassociated with the transaction account.
 18. The method of claim 12,wherein the first biometric identifier and the second biometricidentifier include a sequence of individual data elements of theplurality of data elements, and the sequence comprises a combination ofa voiceprint and a text character.
 19. The method of claim 12, whereinthe first biometric identifier and the second biometric identifierinclude a sequence of individual data elements of the plurality of dataelements, and the sequence comprises a combination of a fingerprint anda text character.